authorseth <[email protected]>2023-10-30 04:22:32 -0400
committerseth <[email protected]>2023-10-30 09:46:15 +0000
commit10b0df38b4286237b56ff9177f8d4c5676bfb5c1 (patch)
treeab298c74339bf9bc41571fa88746ecd9c522fbdf /systems/atlas
parent4c2c60a4f2b14c1e6ffaffe5e301dc31ac4fed0f (diff)
tree-wide: refactor
i went overboard on modules. this is much comfier
Diffstat (limited to 'systems/atlas')
-rw-r--r--systems/atlas/default.nix53
-rw-r--r--systems/atlas/hardware-configuration.nix29
-rw-r--r--systems/atlas/miniflux.nix16
-rw-r--r--systems/atlas/nginx.nix46
4 files changed, 144 insertions, 0 deletions
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
new file mode 100644
index 0000000..00bfab4
--- /dev/null
+++ b/systems/atlas/default.nix
@@ -0,0 +1,53 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./miniflux.nix
+ ./nginx.nix
+ ];
+
+ _module.args.nixinate = {
+ host = "atlas";
+ sshUser = "root";
+ buildOn = "remote";
+ substituteOnTarget = true;
+ hermetic = false;
+ };
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ tmp.cleanOnBoot = true;
+ };
+
+ networking = {
+ domain = "mydadleft.me";
+ hostName = "atlas";
+ networkmanager.enable = false;
+ };
+
+ services = {
+ guzzle-api = {
+ enable = true;
+ domain = "api.${config.networking.domain}";
+ nginx = {
+ enableACME = true;
+ acmeRoot = null;
+ addSSL = true;
+ };
+ };
+
+ resolved.enable = false;
+ };
+
+ users.users.atlas = {
+ isNormalUser = true;
+ shell = pkgs.bash;
+ passwordFile = config.age.secrets.userPassword.path;
+ };
+
+ zramSwap.enable = true;
+}
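Review bot: `sshUser = "root";` in the nixinate arguments means every deploy logs in over SSH as root, so sshd on this host has to keep root login enabled and the deploy key is a direct root credential. If the deployment can run through sudo instead (nixinate's behaviour is not visible in this diff, so confirm first), an unprivileged deploy account with a scoped sudo rule would let sshd refuse root logins altogether. The sshd options are set outside this hunk; at minimum, check that root cannot authenticate with a password.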
diff --git a/systems/atlas/hardware-configuration.nix b/systems/atlas/hardware-configuration.nix
new file mode 100644
index 0000000..00c6cd8
--- /dev/null
+++ b/systems/atlas/hardware-configuration.nix
@@ -0,0 +1,29 @@
+{modulesPath, ...}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot = {
+ extraModulePackages = [];
+ kernelModules = [];
+
+ initrd = {
+ availableKernelModules = ["virtio_pci" "usbhid"];
+ kernelModules = [];
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/f0c84809-83f5-414b-a973-496d25d74c6d";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/A253-0826";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [];
+}
diff --git a/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix
new file mode 100644
index 0000000..df1c761
--- /dev/null
+++ b/systems/atlas/miniflux.nix
@@ -0,0 +1,16 @@
+{config, ...}: {
+ config = {
+ age.secrets = {
+ miniflux.file = ../../secrets/systems/${config.networking.hostName}/miniflux.age;
+ };
+
+ services.miniflux = {
+ enable = true;
+ adminCredentialsFile = config.age.secrets.miniflux.path;
+ config = {
+ BASE_URL = "https://miniflux.${config.networking.domain}";
+ LISTEN_ADDR = "localhost:7000";
+ };
+ };
+ };
+}
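Review bot: The port in `LISTEN_ADDR = "localhost:7000";` is repeated as the literal `"7000"` in the `mkProxy` call in nginx.nix, so the two files can drift apart, and the public vhost would then be proxied to whatever else is bound to that port. Binding to localhost is the right choice here, since it keeps Miniflux reachable only through the reverse proxy. I would define the port once and reference it from both files, or at least add a comment on this line such as `# keep in sync with the mkProxy port in nginx.nix`.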
diff --git a/systems/atlas/nginx.nix b/systems/atlas/nginx.nix
new file mode 100644
index 0000000..6cdd793
--- /dev/null
+++ b/systems/atlas/nginx.nix
@@ -0,0 +1,46 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (config.networking) domain;
+
+ mkProxy = endpoint: port: {
+ "${endpoint}" = {
+ proxyPass = "http://localhost:${toString port}";
+ proxyWebsockets = true;
+ };
+ };
+
+ mkVHosts = let
+ commonSettings = {
+ enableACME = true;
+ # workaround for https://github.com/NixOS/nixpkgs/issues/210807
+ acmeRoot = null;
+
+ addSSL = true;
+ };
+ in
+ lib.mapAttrs (_: lib.recursiveUpdate commonSettings);
+in {
+ server.services.cloudflared.enable = true;
+
+ services.nginx = {
+ enable = true;
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts = mkVHosts {
+ "miniflux.${domain}" = {
+ locations = mkProxy "/" "7000";
+ };
+
+ "msix.${domain}" = {
+ root = "/var/www/msix";
+ };
+ };
+ };
+}
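Review bot: `addSSL = true;` in `commonSettings` makes every virtual host answer on plain HTTP as well as HTTPS with no redirect, so a Miniflux login submitted to an http:// URL crosses port 80 unencrypted. Replacing it with `forceSSL = true;` keeps the ACME certificate setup and adds the redirect to HTTPS; the two options are mutually exclusive, so `addSSL` has to go. The same `addSSL = true;` appears under `services.guzzle-api.nginx` in default.nix, which presumably forwards it to a vhost, so it likely needs the same change. If cloudflared is meant to be the only ingress, also confirm that ports 80 and 443 are not opened in the firewall, which is not visible in this diff.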